From: Markus Koschany <apo@debian.org>
Date: Sun, 30 Dec 2018 13:25:04 +0000 (+0100)
Subject: CVE-2017-14056
X-Git-Tag: archive/raspbian/6%11.12-1_deb8u8+rpi1^2~26
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f763a5d73dc9e89dc657021cbda5ece1be32eb87;p=libav.git

CVE-2017-14056

Origin: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de

Gbp-Pq: Name CVE-2017-14056.patch
---

diff --git a/libavformat/rl2.c b/libavformat/rl2.c
index 5d30bf8..48c1ea6 100644
--- a/libavformat/rl2.c
+++ b/libavformat/rl2.c
@@ -175,12 +175,21 @@ static av_cold int rl2_read_header(AVFormatContext *s)
     }
 
     /** read offset and size tables */
-    for(i=0; i < frame_count;i++)
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         chunk_size[i] = avio_rl32(pb);
-    for(i=0; i < frame_count;i++)
+    }
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         chunk_offset[i] = avio_rl32(pb);
-    for(i=0; i < frame_count;i++)
+    }
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         audio_size[i] = avio_rl32(pb) & 0xFFFF;
+    }
 
     /** build the sample index */
     for(i=0;i<frame_count;i++){